I'm getting a *flood* of spam coming in from Yahoo! mailservers, both to my
personal and work addresses. It seems that Yahoo! don't care. Here's the
response to me piping a sample one through Spamcop:
Yahoo claim "After investigation, we have determined that this email message
did not originate from the Yahoo! Mail system. It appears that the sender of
this message forged the header information to give the impression that it
came from the Yahoo! Mail system."
abuse@mooli:~$ host 216.145.54.173
173.54.145.216.in-addr.arpa domain name pointer mrout3.yahoo.com.
abuse@mooli:~$ host mrout3.yahoo.com
mrout3.yahoo.com has address 216.145.54.173
abuse@mooli:~$ whois 216.145.54.173
OrgName: Yahoo! Inc.
OrgID: YAHOOI-2
Address: 701 First Avenue
City: Sunnyvale
StateProv: CA
PostalCode: 94089
Country: US
[etc]
Doing double-DNS lookups of the IP addresses on other spams also gives
yahoo.com hostnames, and they're typically in DNSBLs for being sources of
spam and a useless abuse address.
So, which IP blocks shall I null-route then? Or is there anybody here from
Yahoo! with a clue? (OK, you can all stop laughing now.)
Only problem with that is 172.30.132.19 is part of
NetRange: 172.16.0.0 - 172.31.255.255
CIDR: 172.16.0.0/12
NetName: IANA-BBLK-RESERVED
So even if you did trust that Received line, it still had to come from inside yahoo.com (unless someone briefly announced some of 172.16.0.0/12 and yahoo both accepted the route and relayed for it).
AFAIK, from other lists, Yahoo is aware of this screwup (disclaiming responsibility for 216.145.48.0/20) and is working on it.
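
The two checks used in this thread, the double-DNS (forward-confirmed reverse DNS) lookup and the observation that a Received hop inside 172.16.0.0/12 cannot have crossed the public Internet, sketched as an added example that is not part of any poster's message. The Received lines and the lookup tables are constructed from the addresses quoted above; mx.example.net, internal.example and the dates are invented, and the resolvers are passed in so the sketch runs offline.

```python
import ipaddress
import re

# Constructed Received lines, newest hop first (not taken from the actual spam).
SAMPLE_RECEIVED = [
    "from mrout3.yahoo.com (mrout3.yahoo.com [216.145.54.173]) "
    "by mx.example.net; Mon, 1 Jan 2001 00:00:02 +0000",
    "from internal.example (unknown [172.30.132.19]) "
    "by mrout3.yahoo.com; Mon, 1 Jan 2001 00:00:01 +0000",
]
# Constructed lookup tables mirroring the `host` output quoted in the thread.
PTR = {"216.145.54.173": "mrout3.yahoo.com"}
A = {"mrout3.yahoo.com": ["216.145.54.173"]}

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hop_ips(received_lines):
    """Return the bracketed IPv4 address of each Received hop, in header order."""
    ips = []
    for line in received_lines:
        match = IP_IN_BRACKETS.search(line)
        if not match:
            continue
        try:
            ips.append(ipaddress.ip_address(match.group(1)))
        except ValueError:
            pass  # e.g. [999.1.1.1]: not a valid address, skip the hop
    return ips

def fcrdns(ip, ptr_lookup, a_lookup):
    """Double-DNS check: the PTR name must resolve back to the same address."""
    name = ptr_lookup(str(ip))
    if name is None:
        return None
    return name if str(ip) in a_lookup(name) else None

def classify(received_lines, ptr_lookup, a_lookup):
    """Label each hop: private (RFC 1918 etc.), confirmed, or unconfirmed."""
    report = []
    for ip in hop_ips(received_lines):
        if ip.is_private:
            # Not routable on the public Internet: the relay that logged this
            # hop received the message from inside its own network.
            report.append((str(ip), "private", None))
        else:
            name = fcrdns(ip, ptr_lookup, a_lookup)
            report.append((str(ip), "confirmed" if name else "unconfirmed", name))
    return report

if __name__ == "__main__":
    for row in classify(SAMPLE_RECEIVED, PTR.get, lambda n: A.get(n, [])):
        print(row)
```

For live lookups, wrappers around socket.gethostbyaddr and socket.gethostbyname_ex can be passed in place of the two tables.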
Ewww. p4pnet.net is part of a company Yahoo acquired that is still in the
process of being integrated.
Personally, I’d just null-route the blocks -- I’m sure it’ll decrease the load
on the Internet as a whole while Yahoo works on trying to clean up their
acquisitions. Of course, that’s me speaking for myself, and not in any
way shape or form speaking for my employer. ^_^;;
There are spam clueful people at Yahoo from the NANAE and anti-spam
communities -- when stuff like this shows up in public forums, it does get
noticed and passed along. I agree, it would be better if it could garner
the right level of attention without being called out in public forums like
this, though.